A Document was sent to you using a XEROX WorkJet OP578636.
SENT BY : JIN
IMAGES : 1
FORMAT (.JPEG) DOWNLOAD
The malicious payload is at [donotclick]mirdymas.ru:8080/forum/showthread.php?page=5fa58bce769e5c2 (report here) hosted on the following familiar IP addresses:
126.96.36.199 (Amazon, Ireland)
188.8.131.52 (Cloudaccess.net, US)
184.108.40.206 (Myren, Malaysia)
Blocking access to these IPs will prevent other malicious sites on the same servers from being a problem.
Leave a reply